[RFC PATCH 0/2] toolchain: build all user space with sanitizer on glibc

Hauke Mehrtens hauke at hauke-m.de
Sun Jan 17 12:10:34 EST 2021


This patch allows to build most the OpenWrt user space with address and 
undefined behavior sanitizer activated by default.
This only works with glibc and gcc 10 and I only tested this on x86 64 
so far. It is not intended to activate this by default ever, but this is 
helpful to detect (security) bugs in our applications.

The first patch adds a work around for a problem with our Kconfig 
system, I did not fully  understand the problems and only provided a 
workaround for it, if someone has any idea what is going wrong there 
this would be helpful.

I already found some problems like memory leaks and a use after free 
problem, will send separate mails for the later.

When these sanitizers are activated the OpenWrt userspace needs 
significant more memory, use at least 256MB for a basic system.

TODOs:
 * Fix the Kconfig recursive dependency problem 
 * Test this on more than x86 / 64
 * Make it depend on GCC 10 or wait till GCC 10 is the default.

Hauke Mehrtens (2):
  Workaround recursive error
  toolchain: Allow building with ASAN and UBSAN

 config/Config-build.in                     | 22 ++++++++++++++++++++++
 include/hardening.mk                       | 14 ++++++++++++++
 include/package-defaults.mk                |  2 +-
 include/toolchain-build.mk                 |  2 ++
 package/boot/grub2/Makefile                |  2 ++
 package/kernel/mac80211/Makefile           |  2 +-
 package/libs/toolchain/Makefile            |  2 ++
 package/network/services/dropbear/Makefile |  2 ++
 package/network/utils/iw/Makefile          | 11 ++++++++---
 package/utils/busybox/Makefile             |  2 ++
 10 files changed, 56 insertions(+), 5 deletions(-)

-- 
2.20.1




More information about the openwrt-devel mailing list